Two simple scenarios with two WAN links

I have owned a FortiGate 60D for a month and am still learning its features, so I turn to you for help in solving what is probably a simple task: properly configuring two WAN ports.

I have two ISPs with static IPs and would like to implement one of the following scenarios.


Scenario 1.

- All HTTPS traffic goes through WAN1,
- All other traffic goes through WAN2,
- when WAN1 (WAN2) goes down, all traffic goes through WAN2 (WAN1),


Scenario 2.

- All traffic goes through WAN1,
- External access via WAN2 (WAN2 -> internal LAN),
- when WAN1 goes down, all traffic goes through WAN2,

Can you briefly describe for me the differences between WAN Link Load Balancing (System -> Network -> WAN Link Load Balancing) and the ECMP Load Balancing Method (Router -> Settings)? I would be very grateful for any guidance.


You may want to have a look at this:

which will explain which static route will be in the forwarding table depending on route priority and distance.

And also this may be useful:


For your first scenario:

You can do this by using policy-based routing (which I would always try to avoid) and Link Health Monitor (Router > Static > Settings).


The second one is a very classic scenario where you will need two default routes (same distance and prio) and ECMP as described in the handbook (second link).


Hi @przemo


First you need to add default routes, one for each WAN link. Depending on whether you need incoming services on both WAN links (e.g. 1:1 NAT, Port Forward), you will need to have distance equal on both default routes; priority will determine preference for outbound traffic. If you don't require incoming services on both links, set shorter distance for preferred link and/or link where general traffic will egress.


Use policy routing to bend specific egress traffic through a particular link, e.g.

wan1 - general traffic - distance 10 / priority 0

wan2 - http/https - distance 20 / priority 0 - policy route: src net -> all, type: 6, port http/https, gateway wan2

... do not set a specific gateway address if fail-over is required ie. use


Otherwise use load-balancing with same distance, priority for both links


Create policies to allow traffic and assign security profiles

int -> wan1 -> all services

int -> wan2 -> http/https


Create ecmp entries for fail-over

Create fail-over policies in case of fail-over


Hello! Guys, thank you very much for all very useful tips and links. In addition, I found and read other explanations from Fortinet's database, and so far I was able to run two wan links in the fail-over configuration (the second scenario).



Can you explain to me precisely how to configure the device to get the first scenario? I cannot understand your following tips:

"src net -> all, type: 6, port http/https, gateway wan2 ... do not set a specific gateway address if fail-over is required ie. use".


Do you mean the settings in: Router->Static->Policy Routes?

